PROTECT AND SECURE
Interviews with computer security experts and consultants across the country—many of them young and brash but nonetheless well-informed—suggest that outside of a few regulated industries, such as banking and insurance, the majority of SMB CEOs have not taken sufficient steps to protect themselves. Hackers pursuing technical secrets may target startup companies in fields such as solar energy, genomics, pharmaceuticals, nanotechnology and other fields where American companies hold global advantage. More established companies that sell highly specialized equipment to aerospace and defense industries are also targeted.
Hackers don’t necessarily infiltrate smaller technology companies for what they have today—they may be more interested in what they can access once a smaller business establishes an alliance with a large company or is acquired. The cyber thieves can insert viruses and malware that lie dormant in a system until they are activated, which may be years later.
The attacking software can even work its way up through different levels of approval within a company’s system until it is accepted as legitimate. Other types of hackers seek information that can be sold on the “dark” Internet, the part that ordinary folks never see, and they go after the personal data of people who do business with hospitals, law firms or retailers.
The dark Internet is where hackers exchange code and brag about their exploits. The worst sort of hackers, however, are company insiders who have a beef with top management. They have security clearances—and axes to grind.
Most companies with less than $1 billion in sales a year cannot afford full-fledged IT departments with a dedicated chief security officer, and therefore may have only a handful of people managing a large, complex problem. Furthermore, when IT departments are aware that they have vulnerabilities and approach top management for funding to fix the problems, they are often denied that money. To compound matters, they fear that if they reveal too much about security gaps to their CEOs, they will be held responsible. “IT departments are way behind,” says Andrew Ostashen, co-founder of Boston-based Vulsec, another consultancy that specializes in smaller companies.
“They’re constantly climbing up the hill while the hackers are on top of the hill throwing rocks at them.” He notes that many SMBs have 10- and 12-year-old firewalls that cannot properly analyze the data flowing in and out of a company’s systems.
THE PEOPLE PROBLEM
One reality is that if the attackers can make direct contact with the people inside a company, they can almost certainly use employees’ social media postings to learn about their technological competencies and their personal interests. That helps them create special “come-on” messages, or phishes, that are so well-tailored that even a trained employee will click on an Internet link, introducing a virus or malware into the company’s systems. “The human is the weakest link,” says Ostashen, an “ethical hacker” who assaults companies’ systems to demonstrate their weaknesses. “If I can get to the human, I can almost always get in.” These types of attacks are also called remote social engineering attacks.
Another reality is that employees in all sizes of companies increasingly want to use their own smart phones or iPads to connect to their companies’ central nervous systems, whether from home or on the road. This creates another avenue the hackers can use if those communications are not encrypted. Employees who lose a company laptop loaded with sensitive information can create major problems.
Add it all up and it’s clear that CEOs of SMBs face a tremendous challenge in maintaining the vital flow of information and the creative exchanges among people inside their companies—and with business partners—without increasing the risk of getting hacked. And many are in denial about it, says Ostashen. “I go into a company and provide a roadmap for how to fix their problems, then go back six months later and find that the problems are actually worse,” he says. “Top management did not want to spend the money. They wanted to accept the risk.”
Chief Executive Group exists to improve the performance of U.S. CEOs, senior executives and public-company directors, helping you grow your companies, build your communities and strengthen society. Learn more at chiefexecutivegroup.com.
0
1:00 - 5:00 pm
Over 70% of Executives Surveyed Agree: Many Strategic Planning Efforts Lack Systematic Approach Tips for Enhancing Your Strategic Planning Process
Executives expressed frustration with their current strategic planning process. Issues include:
Steve Rutan and Denise Harrison have put together an afternoon workshop that will provide the tools you need to address these concerns. They have worked with hundreds of executives to develop a systematic approach that will enable your team to make better decisions during strategic planning. Steve and Denise will walk you through exercises for prioritizing your lists and steps that will reset and reinvigorate your process. This will be a hands-on workshop that will enable you to think about your business as you use the tools that are being presented. If you are ready for a Strategic Planning tune-up, select this workshop in your registration form. The additional fee of $695 will be added to your total.
2:00 - 5:00 pm
Female leaders face the same issues all leaders do, but they often face additional challenges too. In this peer session, we will facilitate a discussion of best practices and how to overcome common barriers to help women leaders be more effective within and outside their organizations.
Limited space available.
10:30 - 5:00 pm
General’s Retreat at Hermitage Golf Course
Sponsored by UBS
General’s Retreat, built in 1986 with architect Gary Roger Baird, has been voted the “Best Golf Course in Nashville” and is a “must play” when visiting the Nashville, Tennessee area. With the beautiful setting along the Cumberland River, golfers of all capabilities will thoroughly enjoy the golf, scenery and hospitality.
The golf outing fee includes transportation to and from the hotel, greens/cart fees, use of practice facilities, and boxed lunch. The bus will leave the hotel at 10:30 am for a noon shotgun start and return to the hotel after the cocktail reception following the completion of the round.
